Catching the Contagious Interview Bug

Daniel Gordon

Contagious Interview is suspected North Korean hacking activity with suspected links to DPRK IT workers. Based on malware, lures, infrastructure themes, and victim information, Contagious Interview focuses exclusively on cryptocurrency theft.

This talk will:
- Briefly cover a mindmap of DPRK hacking groups and where Contagious Interview fits in.
- Cover the attributes of Contagious Interview activity.
- Go through some examples of identifying adversary GitHub repositories and following connections.
- Pivot to find Contagious Interview infrastructure.
- Describe some hilarious opsec mistakes.
- Talk about why activity recently reported by Phylum is attributable to Contagious Interview and how the group has evolved slightly.
- Give some takeaways for threat intelligence analysts.